Office Product Spawning MSHTA

Splunk Security Content

Summary
This rule has been deprecated in favor of a more encompassing detection, "Windows Office Product Spawned Uncommon Process". The analytic monitored for Microsoft Office applications (Word, Excel, PowerPoint and others) spawning `mshta.exe`, a parent/child relationship frequently observed in malware operations. The threat actor TA551 and malware families such as IcedID have used this technique to execute malicious HTA scripts, and detecting it is critical because it can lead to arbitrary code execution, data exfiltration, system compromise and follow-on malware deployment. The detection relied on process creation events from endpoint monitoring tools (for example Sysmon or EDR telemetry), filtered to those whose parent process is an Office application. Given its deprecated status, users are advised to implement the newer detection for comprehensive coverage.
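The parent/child check described above, written out as an added example (this is not Splunk's own search or any code from the Security Content project). It runs the logic over constructed Sysmon-style process-creation events; the field names `ParentImage`, `Image`, `CommandLine` and `OriginalFileName` follow Sysmon Event ID 1, and the list of Office parent names is an assumption about what the original analytic keyed on, not a copy of it.

```python
"""Added example: Office-parent -> mshta.exe child detection over constructed events."""
import ntpath

# Assumption: the Office executables the deprecated analytic treated as parents.
OFFICE_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "msaccess.exe", "mspub.exe", "visio.exe", "onenote.exe",
}


def proc_name(path: str) -> str:
    """Lower-cased file name of a Windows path (drive, directories stripped)."""
    return ntpath.basename(path).lower()


def is_office_spawning_mshta(event: dict) -> bool:
    """True when an Office parent launches mshta.exe.

    Matching is case-insensitive and ignores the directory, so both
    System32 and SysWOW64 copies are caught. When Sysmon supplies
    OriginalFileName (taken from the PE version resource), it is checked
    too, so a copy of mshta.exe renamed on disk is still recognised.
    """
    parent = proc_name(event.get("ParentImage", ""))
    child_names = {proc_name(event.get("Image", ""))}
    original = event.get("OriginalFileName")
    if original:
        child_names.add(original.lower())
    return parent in OFFICE_PARENTS and "mshta.exe" in child_names


def detect(events):
    """Return the events that match the Office -> mshta.exe relationship."""
    return [e for e in events if is_office_spawning_mshta(e)]


# Constructed sample events (not real telemetry); "id" is only for labelling.
SAMPLE_EVENTS = [
    {"id": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\Public\invoice.hta",
     "OriginalFileName": "MSHTA.EXE"},
    {"id": 2, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Tools\helper.hta",
     "OriginalFileName": "MSHTA.EXE"},
    {"id": 3, "ParentImage": r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "CommandLine": r"MSHTA.EXE javascript:close()",
     "OriginalFileName": "MSHTA.EXE"},
    {"id": 4, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\Public\update.exe",  # renamed mshta copy
     "CommandLine": r"update.exe C:\Users\Public\stage.hta",
     "OriginalFileName": "MSHTA.EXE"},
    {"id": 5, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",  # benign print helper
     "CommandLine": r"C:\Windows\splwow64.exe 12288",
     "OriginalFileName": "splwow64.exe"},
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT event {hit['id']}: {proc_name(hit['ParentImage'])} -> "
              f"{proc_name(hit['Image'])} | {hit['CommandLine']}")
```

Events 1, 3 and 4 fire; event 2 has a non-Office parent and event 5 is an Office child that is not mshta. The name-only match on `Image` alone would miss event 4, which is why the `OriginalFileName` fallback is worth carrying into any replacement search.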
Categories
  • Endpoint
  • Windows
  • Application
Data Sources
  • Process
  • Windows Registry
  • Logon Session
ATT&CK Techniques
  • T1566
  • T1566.001
Created: 2025-01-13